A Study On Regulation Of Compliance In EU Data Protection ——Focus On The General Data Protection Regulation

With the rapid development of information network technology represented by big data,cloud computing,Internet of Things and artificial intelligence in recent years,the world has entered the era of digital economy.In such an era,people’s daily information on clothing,food,housing and transportation is recorded and uploaded by cell phones,computers and other terminals,and everyone has become a "transparent person" in terms of personal data,with no privacy.At the same time,the increasing cross-border data transmission,the gradual increase of information cyberspace risks.and the continuous emergence of information leakage incidents have seriously threatened national security and social stability,and new requirements for information globalization and global digital governance have been proposed.The General Data Protection Regulation（hereinafter referred to as EU GDPR）.which began to be implemented within the EU in 2018,is the most advanced and strict legislation on data protection in the world so far.It establishes a global data protection and regulatory framework,a strict data protection regime,and extends the impact of the law to all parts of the world through the territorial scope of Article 3 of the GDPR.These forward-looking thoughts on the development of new technologies have made the EU the world leader in personal data protection legislation,setting an example and building a template for the legislation of other countries in the world,as well as having a profound impact on the compliance plans of multinational enterprises.Under such circumstances,it is necessary to study the legal regulation of the EU GDPR.In this paper,it analyzes the content of the EU GDPR using comparative analysis and literature analysis,and explores the global impact of the EU GDPR.On the basis of this,it proposes legislative ideas to improve the Law on the Protection of Personal Information（Draft）（hereinafter referred to as the Draft）and the current situation of personal information protection in China.This paper is divided into four parts.The first part introduces the history of the development of the EU GDPR,its research value and the current status of research on it at home and abroad.The second part aims to introduce the specific provisions of the EU GDPR data protection.This part starts from the exploration of the concept of personal data,and develops the discussion of six aspects,including the scope of application,user consent standard,data subject rights,accountability and punishment mechanism,and joint controller responsibility,to elaborate its core concepts.The third part elaborates the current status and impact of the application of EU GDPR.There are three subsections in this part:the first section introduces the impact of GDPR on countries within the EU.The section first categorizes the open-ended provisions of the EU GDPR into three types:mandatory,arbitrary,and special,and introduces the variant application of the open-ended provisions in different member states.It then introduces the three cases with the highest fines made by the EU data protection authorities as examples of their enforcement and supervision,i.e.how the relevant data protection authorities protect the rights of data subjects according to the EU GDPR.Finally,it introduces how various EU data protection authorities have issued guidelines to balance public safety and personal information protection in special circumstances in accordance with the EU GDPR data protection rules in the context of the Covid-19 outbreak.The second section presents the impact of the EU GDPR on offshore data protection legislation.The legal transposition of the EU GDPR by California’s California Consumer Privacy Act,Canada’s Bill C-11,and Brazil’s General Data Protection Law are discussed respectively.The third section presents the impact of the EU GDPR on corporate compliance.High standards of corporate compliance requirements have led to escalating compliance costs,exemplary penalties have led to damage to the goodwill of the companies involved,which in turn has led to the loss of users,and compliance restrictions have put a straitjacket on technological innovation.The fourth part elaborates China’s response to the international data protection trend led by the EU GDPR.The Law on the Protection of Personal Information（Draft）introduced in China in October 2020 is a product of a total transplantation,and its provisions are basically the same as the EU GDPR.As an imported product,it is true that there is a situation of unconformity,which has been proved in the concrete practice of other countries.Based on the current situation of the legal regulation of information protection in China,this paper elaborates the characteristics and shortcomings of the Draft in China,and makes suggestions for the localization and improvement of the Draft on the basis of the EU GDPR provisions and its application,and the ways and characteristics of transplantation in other countries.